Ernie breaks a great story about Jones Day suing the Oakland Tribune to take back the memos they wrote about Diebold's risky ventures in California over uncertified e-voting machines.

While Jones Day chose to use legal tools to restrain news reporting and Free Speech in this case, keep in mind that if we had Trusted Computing, Jones Day could have written the documents in a word processing application that required an attestation that the reader was authorized to access the documents before decrypting them.

If this was the case, the reporters at the Tribune would never have been able to read the documents even after they had acquired them because the application would not "trust" them to decrypt the contents. Unless, of course, they attempted to circumvent the attestation requirement and "hack" into the document, thereby invoking dangers under the DMCA.

When the Diebold email archive and memos were posted on the net by the Swarthmore students and others, Diebold sent DMCA take-down notices to shut down their speech. But there, the students were able to respond and repost the documents. They were able to claim fair use as a defense to the allegations that they infringed Diebold's copyrights in its internal memoranda and emails. With Trusted Computing and the DMCA, fair use is no defense. Under current law, circumvention of Trusted Computing and/or DRM is arguably a criminal and civil violation -- whether your purpose is to publish the Pentagon Papers or the Diebold Papers.

Trusted computing isn't the only technology that can be misused by bad guys to keep information secret that ought to be made public. You can say the same thing about encryption. Maybe we should oppose that, too?

And in this particular case, it was attorney-client privilege which was supposedly breached. Most people will agree that protecting attorney-client privilege is a legitimate social good. If trusted computing (or cryptography) helps with that, it's hardly an example of misuse.

Attorney-client privilege is a privilege against use in litigation. It's not an absolute privilege against disclosure, if a third party happens upon material without fault.

For me the difference between trusted computing and encryption is the degree of publication. Mass distribution is public: you grant access to many and lose some control in exchange for greater reach. Encryption is private, but the further control is still based only on your trust of the recipients; they can copy the document once they've decrypted it. Trusted computing attempts to combine the two badly, giving its distributors access to a wide swath of public without giving that public access to quote in return.

Trusted computing isn't the only technology that can be misused by bad guys to keep information secret that ought to be made public. You can say the same thing about encryption. Maybe we should oppose that, too?

I don't think anyone would oppose encryption. Many oppose the DMCA's effect of making decryption without explicit permission illegal. That is something new and dangerous and original to the DMCA.

------------------------------------------------------------
..
But the ruling, in favor of a radio talk-show host who broadcast a tape of an intercepted cellular-telephone call, was a deliberately narrow one. The Court's majority emphasized that it was not issuing a broad ruling on the constitutionality of all restrictions on publishing or broadcasting truthful information.

"It seems to us that there are important interests to be considered on both sides of the constitutional calculus," Justice John Paul Stevens wrote for the majority. "In considering that balance, we acknowledge that some intrusions on privacy are more offensive than others, and that the disclosure of the contents of a private conversation can be an even greater intrusion on privacy than the interception itself."

"In this case," he went on, "privacy concerns give way when balanced against the interest in publishing matters of public importance . . . One of the costs associated with participation in public affairs is an attendant loss of privacy."
..
------------------------------------------------------------

Trusted computing isn't the only technology that can be misused by bad guys to keep information secret that ought to be made public. You can say the same thing about encryption. Maybe we should oppose that, too?

It's not that things are kept "secret". The problem is that had Trusted Computing been involved then the Oakland Tribune reporter would have been IMPRISONED.

Trusted Computing is a fundamentally flawed concept. The "Trust" portion of the system rests entirely on the assumption that the owner of a computer does not happen to know his own computer key. That key is hidden inside a chip and the chip is designed not to tell it to its owner.

The problem is that you own your computer - it's your property. You have every right to rip your chip open and read out your key with a microscope. Or to pay someone to do that for you. Once you know your key then you regain total control over your computer - the entire Trust system falls apart.

Note that when you know your key the system is still perfectly secure for you, the owner. Simply knowing your key cannot possibly reduce your computer's ability to protect you.You'd still get the exact same protection against viruses and hackers and privacy, all of the advertized benefits of the system. You'd get all of the benefits and none of the abuses. Knowing your key simply means your computer is no longer secure against you, the owner. You should get a printed copy of your key when you buy your computer. They refuse to offer such a system because thepurpose is not to secure your computer for you, the purpose is to secure your computer against you.

Attestation and Trust completely fall apart when people know their key. It's impossible to prevent people from knowing their key, they can just read it out with a microscope. All they can do to "protect" the system is make it a crime to look at your own key.

The idea of Trusted Computing inherently requires revoking basic property rights. The right to look at your own property. Even when it is a crime to look at your property, the Trust system is still worthless. It's impossible to detect when someone else has read out their own key and defeated the Trust system. The moment you rely on the Trust and attestation system for anything more important than a video game then you get burned by anyone who looks at their own key anyway.

This brings up an interesting thought with the "office" variants of Trusted Computing and the desires of whistleblowers.

From the computer's (and perhaps the company's) perspective, a whistleblower is no different from someone engaged in industrial espionage.

Further, by instituting an automatic purge on sensitive documents, there will be no troublesome records to be subpoena'd later. This will doubtless make a corporation's life a bit easier.

Trusted Computing is inevitable. The only "workaround" is to allow human factors into it. The best proposal that I've seen would require all Trusted Computing devices to allow any code to be considered Trusted (without additional logging), if the user is present and has activated a hardware device. This means that if you want to save something that the normal Trusted code won't let you, you can load your own in, WITH the override and do as you wish.

The reason for the override is that by doing so, you are taking on the responsibility for your own actions -- you don't escape the criminality, but it acknowledges that sometimes the law isn't as binary as the computer restrictions.

There are so many misconceptions here, it's difficult to reply to them all, but I'll try.

First, with regard to attorney-client privilege, all I know is that the judge has ordered the documents returned. The newspaper can use summaries but it can not publish the remaining memos verbatim. This sounds like the judge viewed the privilege as being socially and legally important. To the extent that TC protects a socially valuable form of confidentiality, that's a good use of the technology.

As far as TC giving distributors access to the public while depriving public of the right to quote in return, you're looking at things backward. It's not like society generously grants to content creators the privilege of being able to give us their work. Rather, we are all fortunate that our most creative members are willing to share the fruits of their labor with us. Nobody is forced to view this content - the viewers all desire it, and they are willing to pay for it. As part of that exchange, recipients may be asked to accept limitations on how they further share the content, in order to protect the ability of the creator to be rewarded for his efforts. In a free world, viewers are at liberty to accept or refuse the offer. TC helps to enforce limitations which the recipients have already freely agreed to as a condition for receiving valuable and entertaining information.

With regard to the DMCA, to the extent that defeating technological protections is illegal, it's because of that law, and is not because of trusted computing. I'm not defending the DMCA; it's bad legislation. But most properties of TC would still hold even without the DMCA, so to a large extent it is a red herring here.

But to clarify some points, the Oakland newspaper reporter is not the one who would be IMPRISONED. Presumably these documents were leaked by someone on the inside; the reporter didn't break into the building. So someone else would have violated the DMCA in that case, and would have been the one who would be in trouble. Even today, whoever leaked that data might face some legal sanctions for violating confidentiality. But chances are they will never be caught and so nothing will happen to them.

I'll also note that the DMCA could have been called into play if these documents were merely encrypted, or protected even more weakly using simple access control fields built into the document that said "don't print" or "don't copy". The threshold for invoking DMCA protection is extremely low, you don't have to go all the way to the power of TC. So again, legal liability could arise independently of the use of TC technology.

In a way, TC aims to make the DMCA obsolete. The DMCA forces us to act as though technologically based access controls really work, even when they don't and can be circumvented. TC tries to provide technology which will be strong enough to successfully put limits on at least some kinds of data. If TC works, they won't need the DMCA (which will make it that much easier to repeal it).

Whether TC can succeed technologically remains to be seen. It does rely on storing secret keys on a chip. But it's not that easy to pull keys out of chips, even with the first generation. You need an enormously expensive lab and very fancy equipment. And tamper resistant technologies exist which can wipe keys if an outer layer of the chip is breached. Intel already has a chip which integrates the TPM (which holds the keys) onto the CPU, making a single self-contained unit. Future generations will only be more secure.

With regard to owner override, the Unlimited Freedom blog at http://invisiblog.com/1c801df4aee49232/ has some articles describing "good" uses of TC that depend on users being unable to override their attestations; for example, anonymous P2P networks or multiplayer games.

And finally, with the analogy to encryption, many people have in fact argued that encryption should be limited precisely because it helps bad guys. This was a legal battle throughout the 1990s. I was shocked to see this discredited line of argument resurrected here from people who support online freedom. The existence of bad uses is no justification for opposition to a technology, not for encryption and not for TC.

If you do believe in freedom, support the rights of people to choose what technologies they will use, even people whom you don't like. That includes the right of Diebold and its law firm to use encryption and/or TC to protect their confidential documents. We have no standing to step in and argue that they shouldn't use these or any other technologies of their choice to control and manage their data.

"If TC works, they won't need the DMCA (which will make it that much easier to repeal it)."

This argument, while so intellectually appealing, is unlikely to prove true in practice. What will happen according to history is that TC will be used as a further argument in favor of keeping the DMCA. Or worse.

That is, we will be told "You've accepted and supported this in technology - therefore that means it's good in policy, And law is just a way of recognizing that good policy, which you've already accepted".

We've been here before. Many times. The people who lobby for laws, the people who make laws, DO NOT HAVE THIS WEIRD NETHEAD IDEA that law and technology are opposites and antonyms. That's an ideological quirk of us geek types, who confuse it for a general truth.

[quote:] Ernie breaks a great story about Jones Day suing the Oakland Tribune to take back the memos they wrote about Diebold's risky ventures in California over uncertified e-voting machines. While Jones Day chose to use legal tools to restrain... [Read More]